Accountin
Eleventh Edition
George H. Bodnar
Florida Atlantic University
PEARSON
Pearson Education International
Boston Columbia Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montreal Toronto Delhi Mexico City
Sao Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo
Contents
Preface
List of Acronyms
PART I Introduction to Accounting Information Systems
Chapter 1 Accounting Information Systems: An Overview
Accounting Information Systems and Business Organizations
Information and Decisions
Users of Accounting Information
Characteristics of Information
Information Systems
Data Processing
Management Information Systems
Decision Support Systems
Expert Systems
Executive Information Systems
Accounting Information Systems
Accounting Information Systems and Application Architecture
Evolution of Applications Architecture
Enterprise Resource Planning (ERP)
Business Processes
Business Process Reference Models
The ERP Functional Model
The Value Chain Model
The Supply Chain Model
The Operations Process Model
The Transaction Cycle Model
Internal Control Process
Elements of Internal Control Process
Segregation of Accounting Functions
Internal Audit Function
Accounting and Information Technology
The Information System Function
Organizational Location
Functional Specializations
End-User Computing
Cloud Computing
Quick-Response Technology
Lean Manufacturing
Just-in-Time
Web Commerce
Electronic Data Interchange
Extensible Business Reporting Language
Electronic Payment Systems
The Accountant and Systems Development
The Nature of Systems Development
Business Process Blueprinting
Behavioral Considerations in Systems Development
Green IT: Designing for Sustainability
Energy Usage
E-Waste
Summary • Glossary • Webliography • Chapter Quiz • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 2 Systems Techniques and Documentation
Users of Systems Techniques
Use of Systems Techniques in Auditing
Internal Control Evaluation
Compliance Testing
Working Papers
Use of Systems Techniques in Systems Development
Systems Analysis
Systems Design
Systems Implementation
Use of Systems Techniques by Sarbanes-Oxley Act Compliance Participants
Systems Techniques
Flowcharting Symbols
Symbol Use in Flowcharting
IPO and HIPO Charts
Systems and Program Flowcharts
Logical Data Flow Diagrams
Logical Data Flow Diagrams and Structured Analysis
Analytic, Document, and Forms Distribution Flowcharts
Analytic Flowcharting Illustration
Planning the Flowchart
Symbol Selection
System Analysis
Drawing the Flowchart
Sandwich Rule
Using the Connector Symbol
Entity-Column Relations
Unified Modeling Language™ (UML®)
Business Process Diagrams
Narrative Techniques
Resource Utilization Analysis
Work Measurement
Work Distribution Analysis
Decision Analysis Techniques
Branching and Decision Tables
Matrix Methods
Software for Systems Techniques
Microsoft Office® Applications
Computer-Aided Software Engineering
UML Modeling Tools
BPMN Modeling Tools
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 3 eBusiness and eCommerce
Introduction: Electronic Business and Electronic Commerce
The Internet
Client and Servers
Types of Servers
eBusiness and Enterprise Architecture
The Business Architecture
The Data Architecture
Databases
The Corporate Information Factory
The Applications Architecture
ERP and EAS Architectures
Service-Oriented Architecture
Benefits of SOA
Middleware
The Technical Architecture
Enterprise Architecture Frameworks
Business Process Frameworks and Reference Models
Value Chain Frameworks
Supply Chain Frameworks
eBusiness Architectures
Electronic Commerce Technologies
Electronic Payment Systems
Digital Cash
Virtual Cash
Virtual Cash in Electronic Cards
The Internet Store
Trust in eCommerce: Privacy, Business Practices, and Transaction Integrity
Summary • Glossary • Webliography • Chapter Quiz • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 4 Transaction Processing and the Internal Control Process
The Necessity for Controls
Enterprise Risk Management
Controls and Exposures
Common Exposures
Excessive Costs
Deficient Revenues
Loss of Assets
Inaccurate Accounting
Business Interruption
Statutory Sanctions
Competitive Disadvantage
Fraud and Embezzlement
Fraud and White-Collar Crime
Forensic Accounting
Seriousness of Fraud
Control Objectives and Transaction Cycles
Components of the Internal Control Process
External Influences Concerning an Entity and Internal Control
The Sarbanes-Oxley Act
Compliance with Sox Section 404
The Impact of the Business Environment on Internal Control
Control Environment
Integrity and Ethical Values
Commitment to Competence
Management Philosophy and Operating Style
Organizational Structure
Functions of the Board of Directors and Its Committees
Manner of Assigning Authority and Responsibility
Human Resource Policies and Practices
Risk Assessment
Control Activities
Segregation of Duties
Adequate Documents and Records
Restricted Access to Assets
Independent Accountability Checks and Reviews of Performance
Information Processing Controls
Information and Communication
Documentation of the Accounting System
Double-Entry System of Accounting
Communication
Monitoring
A Model for Monitoring
Transaction Processing Controls
General Controls
The Plan of Data Processing Organization and Operation
General Operating Procedures
Equipment Control Features
Equipment and Data-Access Controls
Application Controls
Input Controls
Processing Controls
Output Controls
Preventative, Detective, and Corrective Controls
Communicating the Objectives of Internal Control
Goals and Behavior Patterns
Analysis of Internal Control Processes
Analytic Techniques
Internal Control and Compliance in Small Business and Small Public Companies
Illustration of an Internal Control Analysis
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 5 Fraud Examination and Fraud Management
The Fraud Management Process
Fraud Prevention
Fraud Detection
Optimal Fraud Detection Systems
Fraud Investigation Process
The Fraud Engagement Process
The Evidence Collection Process
Physical, Document, and Observation Evidence
The Fraud Report
Loss Recovery and Litigation
Expert Testimony
Fraud Schemes
Financial Statement Fraud
Who Commits Financial Statement Fraud and Why
How to Prevent Financial Statement Fraud
Employee Fraud
Revenue Cycle Fraud
Expenditure Cycle Fraud
Production Cycle Fraud
Vendor Fraud
Computer Forensics
Evidence Gathering with Computers
Preliminary Steps
Collecting Computer-Related Evidence
Pull the Plug
Don't Pull the Plug
Device Processing
Content Investigation
Deleted or Corrupted Data Recovery
Location Analysis
Password Cracking
Surreptitious User Monitoring and Reporting
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 6 Information Security
An Overview of Information Security
The Information Security Management System Life Cycle
International Standards for Information Security
The Information Security System in the Organization
Analyzing Vulnerabilities and Threats
Vulnerabilities and Threats
The Seriousness of Information Systems Fraud
Individuals Posing a Threat to the Information System
Computer and Information Systems Personnel
Users
Intruders and Hackers
Methods of Attack by Information Systems Personnel and Users
Input Manipulation
Program Alteration
Direct File Alteration
Data Theft
Sabotage
Misappropriation or Theft of Information Resources
The Information Security Management System
The Control Environment
Management Philosophy and Operating Style
Organizational Structure
Board of Directors and Its Committees
Methods of Assigning Authority and Responsibility
Management Control Activities
Internal Audit Function
Personnel Policies and Practices
External Influences
Controls for Active Threats
Site-Access Controls
System-Access Controls
File-Access Controls
Controls for Passive Threats
Fault-Tolerant Systems
Correcting Faults: File Backups
Internet Security—Special System and Configuration Considerations
Operating System Vulnerabilities
Web Server Vulnerabilities
Private Network Vulnerabilities
Vulnerabilities from Various Server and Communications Programs
Cloud Computing
Grid Computing
General Security Procedures
Disaster Risk Management
Preventing Disasters
Contingency Planning for Disasters
Assess the Company's Critical Needs
List Priorities for Recovery
Recovery Strategies and Procedures
Compliance Standards
Information Security Standards
Business Continuity Planning and Disaster Recovery Standards
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
PART II Business Processes
Chapter 7 Electronic Data Processing Systems
The Input System
Manual Input Systems
Preparation and Completion of the Source Document
Transfer of Source Documents to Data Processing
Electronic Input Systems
The Processing System
Types of Files
Generic File Processing Operations
Batch-Processing Systems
Batch Processing with Sequential File Updating
Batch Processing with Random-Access File Updating
Illustration of Batch Processing with Random-Access File Updating
Real-Time Processing Systems
Real-Time Sales Systems
Components of Extended Supply Chain Systems
Transaction Processing in EDI-Based Sales Systems
Special Internal Control Considerations
The Output System
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 8 Revenue Cycle Processes
Sales Business Process
Overview
Inquiry
Contract Creation
Order Entry
Shipping
Billing
SAP ERP Illustration
Customer Master Records
Data Fields
One-Time Customers
Standard Order Processing in SAP ERP
Overview
Creating a Sales Order
Database Features
Transaction Cycle Controls in Order Processing
Order Entry
Credit
Inventory
Shipping
Billing and Accounts Receivable
General Ledger
Sarbanes-Oxley Compliance: Sales Business Process
Customer Account Management Business Process
Accounts Receivable
Transaction Controls in the Accounts Receivable Business Process
Separation of Functions
Cash Receipts
Billing
Accounts Receivable
Credit
General Ledger
Sales Returns and Allowances
Write-Off of Accounts Receivable
Sarbanes-Oxley Compliance: Accounts Receivable Business Process
Cash-Received-on-Account Business Process
Overview
Mailroom
Cash Receipts
Accounts Receivable
General Ledger
Bank
Internal Audit
Summary
Lock-Box Collection Systems
Cash-Sales Business Process
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 9 Procurement and Human Resource Business Processes
The Procurement Business Process
Overview
Requirement Determination
Selection of Source(s)
Request for Quotation
Selection of a Vendor
Issuing of a Purchase Order
Receipt of the Goods
Invoice Verification
Vendor Payment
Master Records
Transaction Cycle Controls over Procurement
Requisitioning (Stores)
Purchasing
Receiving
Stores
Accounts Payable
Additional Control Features
Integrity of the Procurement Business Process
The Attribute Rating Approach to Vendor Selection
Sarbanes-Oxley Compliance: Procurement Business Process
Cash Disbursements Business Process
Accounts Payable
Cash Disbursements
General Ledger
Internal Audit
Voucher Systems
Posting of Payables
Human Resource Management Business Process
HR Processing in SAP ERP
HR Data Structure
Master Data
Data Organization
HR Objects
Transaction Cycle Controls in Payroll Processing
Personnel
Timekeeping
Payroll
Other Controls in Payroll
Sarbanes-Oxley Compliance: Payroll Business Process
Payroll Processing Requirements
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 10 The Production Business Process
The Production Business Process
Production Planning and Control
Cost Accounting Controls
Inventory Control
Lean Production
Property Accounting Applications
Fixed Assets
Investments
Internal Accounting Control Practices
Quick-Response Manufacturing Systems
Components of Quick-Response Manufacturing Systems
The Physical Manufacturing System
The Manufacturing Resource Planning (MRP II) System
Advanced Integration Technologies
Transaction Processing in Quick-Response Manufacturing Systems
Production Planning
Production Scheduling
Cost Accounting
Reporting
Activity-Based Costing
MRP II versus MRP
ERP, ERP II, and EAS
Implementing Lean Production in an MRP II/CIM Environment
Special Internal Control Considerations
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
PART III Systems Development
Chapter 11 Systems Planning, Analysis, and Design
General Overview
Rigid Development
Flexible Development
Overview of Systems Planning and Analysis
Systems Planning and Feasibility Analysis
Systems Planning and Top Management
Steering Committee
Developing Objectives and System Constraints
Developing a Strategic Systems Plan
Identifying Individual Projects for Priority
Commissioning the Systems Project
The Steps in Systems Analysis
Phase 1: Survey Current System
Objectives of Surveying
Behavioral Considerations
Sources for Gathering Facts
Analysis of Survey Findings
Phase 2: Identify Information Needs
Phase 3: Identify the Systems Requirements
Phase 4: Develop a Systems Analysis Report
Fact-Gathering Techniques
Techniques for Organizing Facts
Structured Systems Analysis and Design
Logical Flow and Business Process Diagrams versus Flowcharts
Systems Design versus Systems Analysis
The Steps in Structured Systems Analysis
Develop Logical Data Flow Diagrams
Define Data Dictionaries
Define Access Methods
Define Process Logic
Iterative Systems Development
Object-Oriented Design and Analysis
Diagrams in Process Orientation versus Object Orientation
Overview of Systems Design
Steps in Systems Design
Evaluating Design Alternatives
Enumeration of Design Alternatives
Describing the Alternatives
Evaluating the Alternatives
Preparing Design Specifications
Preparing and Submitting the Systems Design Specifications
Business Process Blueprinting
Resources-Events-Agent (REA) Model
General Design Considerations
Output Design
Database Design
Data Processing
Data Input
Controls and Security Measures
Design Techniques
Forms Design
Database Design
Systems Design Packages
Choosing Software and Hardware
Conventional Wisdom in Systems Development
Summary • Glossary • Webliography • Chapter Quiz • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 12 Systems Project Management, Implementation, Operation, and Control
Overview
Systems Implementation
Establishing Plans and Controls for Implementation
Executing Implementation Activities
Employee Training
Acquiring and Installing New Computer Equipment
Detailed Systems Design
Documenting the New System
File Conversion
Test Operations
Evaluating the New System
Planning and Organizing a Systems Project
Project Selection
The Project Team
Project Leader Responsibilities
Project Uncertainty
Project Breakdown into Tasks and Phases
Time Estimates
Work Measurement Techniques
Accuracy of Estimates
Project Accounting
Operation of the System
Level of Detail
The Project Development Environment
The Project Collaboration Platform
The Software Application Framework
The Integrated Development Environment
The Software Versioning System
The Application Solution Stack
All-in-One and Integrated Platforms
Control over Nonfinancial Information Systems Resources
Auditing the Information System
Maintaining and Modifying the System
Summary • Glossary • Webliography • Chapter Quiz • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
PART IV Contemporary Information Systems Technology
Chapter 13 Data Management Concepts
Introductory Terminology
Databases
Basic Database Elements: Fields, Data Items, Attributes, and Elements
Data Occurrences
Fixed- and Variable-Length Records
Record Key and File Sequence
Database Management Systems and Their Architecture
Conceptual Architecture
Database Architecture at the Logical Level: Logical Data Structures
Tree or Hierarchical Structures
Network Structures
Relational Data Structures
Database Architecture: The Physical Level
Sequentially Accessed Files
Indexed Files
Directly Accessed Files
Economic Relations between File Organization Techniques
Physical Architecture, Hardware, and Response Time
Database Architecture and Database Development
Other Types of Logical Structures and Related Databases
OLAP
In-Memory Databases
Acid: Reliable Processing of Database Transactions
Database Management Systems and Databases in Practice
Data Description Language (DDL)
Data Manipulation Language
Data Query Language
SQL Data Manipulation Language
Select Queries
Update, Insert, and Delete Queries
High-Level Query Languages
Reporting Solutions
Why Database Management Systems Are Needed
Data Independence
Security
Database Documentation and Administration
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Chapter 14 Auditing Information Technology
Information Systems Auditing Concepts
Structure of a Financial Statement Audit
Auditing around the Computer
Auditing through the Computer
Auditing with the Computer
Risk-Based Auditing
Information Systems Auditing Technology
Test Data
Integrated-Test-Facility Approach
Parallel Simulation
Audit Software
Generalized Audit Software (GAS)
Embedded Audit Routines
Extended Records
Snapshot
Tracing
Review-of-Systems Documentation
Control Flowcharting
Mapping
Types of Information Systems Audits
General Approach to an Information Systems Audit
Information Systems Application Audits
Application Systems Development Audits
Computer Service Center Audits
Auditing Service-Oriented Architectures
IT Governance and COBIT
COBIT
Navigation Diagram
Maturity Models
Management Guidelines
Performance Measurement
COBIT and Sarbanes-Oxley Compliance
Professional Certifications Relating to IT Governance
Summary • Glossary • Webliography • Chapter Quiz • Review Problem • Solution to Review Problem • Review Questions • Discussion Questions and Problems • Web Research Assignments • Answers to Chapter Quiz
Index